blob: 90ff42ae73a4ae3da52ba716685d88484d321d4a [file] [log] [blame]
Randall Spanglere166d042014-05-13 09:24:52 -07001/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 */
5
Randall Spanglere166d042014-05-13 09:24:52 -07006#include <stdint.h>
7#include <stdio.h>
8
Joel Kitchinga82bb0e2021-01-18 15:37:56 +08009#include "2common.h"
Joel Kitchingffd42a82019-08-29 13:58:52 +080010#include "2rsa.h"
11#include "2sysincludes.h"
Randall Spanglere166d042014-05-13 09:24:52 -070012#include "file_keys.h"
Joel Kitchingffd42a82019-08-29 13:58:52 +080013#include "host_key.h"
Randall Spanglere166d042014-05-13 09:24:52 -070014#include "rsa_padding_test.h"
15#include "test_common.h"
Randall Spanglere166d042014-05-13 09:24:52 -070016
Kangheui Won4c523ed2020-10-02 11:09:06 +100017vb2_error_t hwcrypto_modexp_return_value = VB2_SUCCESS;
18vb2_error_t vb2ex_hwcrypto_modexp(const struct vb2_public_key *key,
19 uint8_t *inout,
20 uint32_t *workbuf32, int exp) {
21 return hwcrypto_modexp_return_value;
22}
23
24
Randall Spanglere166d042014-05-13 09:24:52 -070025/**
Randall Spanglere166d042014-05-13 09:24:52 -070026 * Test valid and invalid signatures.
27 */
28static void test_signatures(const struct vb2_public_key *key)
29{
Bill Richardson73e5eb32015-01-26 12:18:25 -080030 uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
Joel Kitching92ea19a2019-11-05 18:36:42 +080031 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
Randall Spanglere166d042014-05-13 09:24:52 -070032 uint8_t sig[RSA1024NUMBYTES];
33 struct vb2_workbuf wb;
34 int unexpected_success;
35 int i;
36
37 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
38
39 /* The first test signature is valid. */
Randall Spangler664096b2016-10-13 16:16:41 -070040 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070041 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -070042 "RSA Padding Test valid sig");
Randall Spanglere166d042014-05-13 09:24:52 -070043
44 /* All other signatures should fail verification. */
45 unexpected_success = 0;
46 for (i = 1; i < sizeof(signatures) / sizeof(signatures[0]); i++) {
Randall Spangler664096b2016-10-13 16:16:41 -070047 memcpy(sig, signatures[i], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070048 if (!vb2_rsa_verify_digest(key, sig,
49 test_message_sha1_hash, &wb)) {
Randall Spanglere166d042014-05-13 09:24:52 -070050 fprintf(stderr,
51 "RSA Padding Test vector %d FAILED!\n", i);
52 unexpected_success++;
53 }
54 }
55 TEST_EQ(unexpected_success, 0, "RSA Padding Test invalid sigs");
56}
57
58
59/**
Randall Spangler95047542014-10-17 16:41:46 -070060 * Test other error conditions in vb2_rsa_verify_digest().
Randall Spanglere166d042014-05-13 09:24:52 -070061 */
62static void test_verify_digest(struct vb2_public_key *key) {
Bill Richardson73e5eb32015-01-26 12:18:25 -080063 uint8_t workbuf[VB2_VERIFY_DIGEST_WORKBUF_BYTES]
Joel Kitching92ea19a2019-11-05 18:36:42 +080064 __attribute__((aligned(VB2_WORKBUF_ALIGN)));
Randall Spanglere166d042014-05-13 09:24:52 -070065 uint8_t sig[RSA1024NUMBYTES];
66 struct vb2_workbuf wb;
Randall Spanglerc8c2f022014-10-23 09:48:20 -070067 enum vb2_signature_algorithm orig_key_alg = key->sig_alg;
Randall Spanglere166d042014-05-13 09:24:52 -070068
69 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
70
Randall Spangler664096b2016-10-13 16:16:41 -070071 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -070072 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
73 "vb2_rsa_verify_digest() good");
Randall Spanglere166d042014-05-13 09:24:52 -070074
Randall Spangler225df792018-02-20 15:20:16 -080075 TEST_EQ(vb2_rsa_verify_digest(key, NULL, test_message_sha1_hash, &wb),
76 VB2_ERROR_RSA_VERIFY_PARAM, "vb2_rsa_verify_digest() bad arg");
77
Kangheui Won4c523ed2020-10-02 11:09:06 +100078 key->allow_hwcrypto = 1;
79 memcpy(sig, signatures[0], sizeof(sig));
80 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
81 hwcrypto_modexp_return_value = VB2_SUCCESS;
82 TEST_NEQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
83 VB2_SUCCESS, "vb2_rsa_verify_digest() hwcrypto modexp fails");
84
85 memcpy(sig, signatures[0], sizeof(sig));
86 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
87 hwcrypto_modexp_return_value = VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
88 TEST_SUCC(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
89 "vb2_rsa_verify_digest() hwcrypto modexp fallback to sw");
90 key->allow_hwcrypto = 0;
91
Randall Spangler664096b2016-10-13 16:16:41 -070092 memcpy(sig, signatures[0], sizeof(sig));
Randall Spanglere166d042014-05-13 09:24:52 -070093 vb2_workbuf_init(&wb, workbuf, sizeof(sig) * 3 - 1);
Randall Spangler95047542014-10-17 16:41:46 -070094 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -070095 VB2_ERROR_RSA_VERIFY_WORKBUF,
Randall Spangler95047542014-10-17 16:41:46 -070096 "vb2_rsa_verify_digest() small workbuf");
Randall Spanglere166d042014-05-13 09:24:52 -070097 vb2_workbuf_init(&wb, workbuf, sizeof(workbuf));
98
Randall Spanglerc8c2f022014-10-23 09:48:20 -070099 key->sig_alg = VB2_SIG_INVALID;
Randall Spangler664096b2016-10-13 16:16:41 -0700100 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -0700101 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -0700102 VB2_ERROR_RSA_VERIFY_ALGORITHM,
Randall Spangler95047542014-10-17 16:41:46 -0700103 "vb2_rsa_verify_digest() bad key alg");
Randall Spanglerc8c2f022014-10-23 09:48:20 -0700104 key->sig_alg = orig_key_alg;
Randall Spanglere166d042014-05-13 09:24:52 -0700105
106 key->arrsize *= 2;
Randall Spangler664096b2016-10-13 16:16:41 -0700107 memcpy(sig, signatures[0], sizeof(sig));
Randall Spangler95047542014-10-17 16:41:46 -0700108 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
Randall Spanglerb9be5362014-06-05 13:32:11 -0700109 VB2_ERROR_RSA_VERIFY_SIG_LEN,
Randall Spangler95047542014-10-17 16:41:46 -0700110 "vb2_rsa_verify_digest() bad sig len");
Randall Spanglere166d042014-05-13 09:24:52 -0700111 key->arrsize /= 2;
112
113 /* Corrupt the signature near start and end */
Randall Spangler664096b2016-10-13 16:16:41 -0700114 memcpy(sig, signatures[0], sizeof(sig));
Randall Spanglere166d042014-05-13 09:24:52 -0700115 sig[3] ^= 0x42;
Randall Spangler95047542014-10-17 16:41:46 -0700116 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
117 VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig");
Randall Spanglere166d042014-05-13 09:24:52 -0700118
Randall Spangler664096b2016-10-13 16:16:41 -0700119 memcpy(sig, signatures[0], sizeof(sig));
Randall Spanglere166d042014-05-13 09:24:52 -0700120 sig[RSA1024NUMBYTES - 3] ^= 0x56;
Randall Spangler95047542014-10-17 16:41:46 -0700121 TEST_EQ(vb2_rsa_verify_digest(key, sig, test_message_sha1_hash, &wb),
122 VB2_ERROR_RSA_PADDING, "vb2_rsa_verify_digest() bad sig end");
Randall Spanglere166d042014-05-13 09:24:52 -0700123}
124
125int main(int argc, char *argv[])
126{
Randall Spanglere166d042014-05-13 09:24:52 -0700127 struct vb2_public_key k2;
Randall Spangler5a9f4982016-10-14 15:37:25 -0700128 struct vb2_packed_key *pk;
Randall Spanglere166d042014-05-13 09:24:52 -0700129
130 /* Read test key */
131 if (argc != 2) {
132 fprintf(stderr, "Usage: %s <test public key>\n", argv[0]);
133 return 1;
134 }
Randall Spangler5a9f4982016-10-14 15:37:25 -0700135 pk = vb2_read_packed_keyb(argv[1], VB2_ALG_RSA1024_SHA1, 0);
136 if (!pk) {
Randall Spanglere166d042014-05-13 09:24:52 -0700137 fprintf(stderr, "Couldn't read RSA public key for the test.\n");
138 return 1;
139 }
Randall Spangler6e3931d2016-10-18 15:09:21 -0700140 if (VB2_SUCCESS != vb2_unpack_key(&k2, pk)) {
Randall Spangler5a9f4982016-10-14 15:37:25 -0700141 fprintf(stderr, "Couldn't unpack RSA public key.\n");
142 free(pk);
143 return 1;
144 }
Randall Spanglere166d042014-05-13 09:24:52 -0700145
146 /* Run tests */
147 test_signatures(&k2);
148 test_verify_digest(&k2);
149
150 /* Clean up and exit */
Randall Spangler5a9f4982016-10-14 15:37:25 -0700151 free(pk);
152 return gTestSuccess ? 0 : 255;
Randall Spanglere166d042014-05-13 09:24:52 -0700153}